1c91e4e440ef309efd0573055520cfdc8bb10f4cae85532aa30e89ccef17aeb6

Analysis

max time kernel
69s
max time network
184s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
22/10/2023, 22:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1c91e4e440ef309efd0573055520cfdc8bb10f4cae85532aa30e89ccef17aeb6.exe
Size

1.8MB
MD5

1b4d62c3268d304edfd34001c1d05f0c
SHA1

87692cd9618c3b5a2265ead9c508d1f8a0b8c896
SHA256

1c91e4e440ef309efd0573055520cfdc8bb10f4cae85532aa30e89ccef17aeb6
SHA512

bc4151d59e999d69ffc06ff7e9978c999346eddfaeb895272015c9c41763648f9e08e19a8d814cd928585582f879444d06748549298ef33f3c622d1062631c4d
SSDEEP

49152:UJGi9vXbCsvr5BaAGbM0USznqoaGKHD82ygpM4cet6LZx:UIi9Oer5BaxQQqof+DqVtet6L/

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4816	rundll32.exe
4288	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 1792	2440	1c91e4e440ef309efd0573055520cfdc8bb10f4cae85532aa30e89ccef17aeb6.exe	71
PID 2440 wrote to memory of 1792	2440	1c91e4e440ef309efd0573055520cfdc8bb10f4cae85532aa30e89ccef17aeb6.exe	71
PID 2440 wrote to memory of 1792	2440	1c91e4e440ef309efd0573055520cfdc8bb10f4cae85532aa30e89ccef17aeb6.exe	71
PID 1792 wrote to memory of 2888	1792	cmd.exe	73
PID 1792 wrote to memory of 2888	1792	cmd.exe	73
PID 1792 wrote to memory of 2888	1792	cmd.exe	73
PID 2888 wrote to memory of 4816	2888	control.exe	74
PID 2888 wrote to memory of 4816	2888	control.exe	74
PID 2888 wrote to memory of 4816	2888	control.exe	74
PID 4816 wrote to memory of 2864	4816	rundll32.exe	75
PID 4816 wrote to memory of 2864	4816	rundll32.exe	75
PID 2864 wrote to memory of 4288	2864	RunDll32.exe	76
PID 2864 wrote to memory of 4288	2864	RunDll32.exe	76
PID 2864 wrote to memory of 4288	2864	RunDll32.exe	76

C:\Users\Admin\AppData\Local\Temp\1c91e4e440ef309efd0573055520cfdc8bb10f4cae85532aa30e89ccef17aeb6.exe
"C:\Users\Admin\AppData\Local\Temp\1c91e4e440ef309efd0573055520cfdc8bb10f4cae85532aa30e89ccef17aeb6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\D~LeWK.BAT
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1792
- - C:\Windows\SysWOW64\control.exe
    cONtrol "C:\Users\Admin\AppData\Local\Temp\7zS8893F7D7\X9MZQXDE.~"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2888
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS8893F7D7\X9MZQXDE.~"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:4816
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS8893F7D7\X9MZQXDE.~"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2864
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS8893F7D7\X9MZQXDE.~"
        6⤵
        Loads dropped DLL
        
        PID:4288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS8893F7D7\D~leWK.bat

Filesize
28B

MD5
3484354f1a65032f6a6186bae61fad9d

SHA1
f2f929103fa1d071368cdfa73cd56552bfc10972

SHA256
0bbcaa5f8eb8ccd4f8348b0f618d7a7cd2356a39cfdab7d6169d893881a96bd2

SHA512
bd9637d3d4ebb283161d21bdbd1b2d48269c0b4867cb906e4dbc06f7aa3e607918c7171fde584f7c94751d8a308c33047baa8c87b42493789603b3122d33b095

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8893F7D7\X9MZQXDE.~

Filesize
1.8MB

MD5
d2fcc3a771c27bfebc35e75e84d95ad6

SHA1
f86d3282be2609bf3dc5b7ddf46e9d85f9a01aeb

SHA256
3e230516149cef1d9c3b53e6fa2b2769616d37013d8d90b7c6f14bace55cf612

SHA512
f520aea6f9daf19cfcceec48cf102bf9f2dd46599d60d8c15051c76da49af52cdc3839d8e9833341ad80e0e75404cf703aa09345c4fc400dab3b18a0d9d5fabc

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8893F7D7\X9mZqXdE.~

Filesize
1.8MB

MD5
d2fcc3a771c27bfebc35e75e84d95ad6

SHA1
f86d3282be2609bf3dc5b7ddf46e9d85f9a01aeb

SHA256
3e230516149cef1d9c3b53e6fa2b2769616d37013d8d90b7c6f14bace55cf612

SHA512
f520aea6f9daf19cfcceec48cf102bf9f2dd46599d60d8c15051c76da49af52cdc3839d8e9833341ad80e0e75404cf703aa09345c4fc400dab3b18a0d9d5fabc

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8893F7D7\X9mZqXdE.~

Filesize
1.8MB

MD5
d2fcc3a771c27bfebc35e75e84d95ad6

SHA1
f86d3282be2609bf3dc5b7ddf46e9d85f9a01aeb

SHA256
3e230516149cef1d9c3b53e6fa2b2769616d37013d8d90b7c6f14bace55cf612

SHA512
f520aea6f9daf19cfcceec48cf102bf9f2dd46599d60d8c15051c76da49af52cdc3839d8e9833341ad80e0e75404cf703aa09345c4fc400dab3b18a0d9d5fabc

Download Submit
memory/4288-28-0x00000000047E0000-0x00000000048E2000-memory.dmp

Filesize
1.0MB

Download
memory/4288-27-0x00000000047E0000-0x00000000048E2000-memory.dmp

Filesize
1.0MB

Download
memory/4288-24-0x00000000047E0000-0x00000000048E2000-memory.dmp

Filesize
1.0MB

Download
memory/4288-23-0x00000000046C0000-0x00000000047DC000-memory.dmp

Filesize
1.1MB

Download
memory/4288-19-0x00000000006F0000-0x00000000006F6000-memory.dmp

Filesize
24KB

Download
memory/4816-9-0x0000000010000000-0x00000000101C4000-memory.dmp

Filesize
1.8MB

Download
memory/4816-17-0x0000000005190000-0x0000000005292000-memory.dmp

Filesize
1.0MB

Download
memory/4816-16-0x0000000005190000-0x0000000005292000-memory.dmp

Filesize
1.0MB

Download
memory/4816-13-0x0000000005190000-0x0000000005292000-memory.dmp

Filesize
1.0MB

Download
memory/4816-12-0x0000000005070000-0x000000000518C000-memory.dmp

Filesize
1.1MB

Download
memory/4816-8-0x0000000000D60000-0x0000000000D66000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads